Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-07-2024 03:47

General

  • Target

    5ee97ec477be8f8e2278ceb1bea0bf17_JaffaCakes118.exe

  • Size

    562KB

  • MD5

    5ee97ec477be8f8e2278ceb1bea0bf17

  • SHA1

    ca4ab290fe3c350aadbad3ff2a2e061490151baf

  • SHA256

    d11a8fbe4457648302e5760c0aa9cc2ed324c027b42502fc219f1c88d3409c7b

  • SHA512

    91b522bbc0e960aafb228371c18309fb45acd95d00cc657da5106155085620bd4654128e40b7888408fdd32833c64d6778a7c796488c2f51e41b98a279eea418

  • SSDEEP

    12288:nobCQ2kk117mUSCAZHBfI7bSNKRxSIEGpzK6FSkFvI1ZslH4yqY:nobCP7mUFAjpKRxN5pzvcalH4yV

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5ee97ec477be8f8e2278ceb1bea0bf17_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5ee97ec477be8f8e2278ceb1bea0bf17_JaffaCakes118.exe"
    1⤵
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2632
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\Delete.bat
      2⤵
        PID:4716
    • C:\Program Files (x86)\Messenger\wdfmgr.ra-
      "C:\Program Files (x86)\Messenger\wdfmgr.ra-"
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1176
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        2⤵
          PID:3964

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Program Files (x86)\Messenger\wdfmgr.ra-

    Filesize

    562KB

    MD5

    5ee97ec477be8f8e2278ceb1bea0bf17

    SHA1

    ca4ab290fe3c350aadbad3ff2a2e061490151baf

    SHA256

    d11a8fbe4457648302e5760c0aa9cc2ed324c027b42502fc219f1c88d3409c7b

    SHA512

    91b522bbc0e960aafb228371c18309fb45acd95d00cc657da5106155085620bd4654128e40b7888408fdd32833c64d6778a7c796488c2f51e41b98a279eea418

  • C:\Windows\Delete.bat

    Filesize

    214B

    MD5

    5733c4d9ef156a975d5f86941e69e0b3

    SHA1

    1a33ffe657240f21082042037ea6b9117f2ae634

    SHA256

    80a09777eb095573498f6a24aa77c3b60f9b1ebbda881c2d7509fb5ac845c108

    SHA512

    2be478140debff70b2a8a5c734e8b4e9de4cb94414616f993071773effcea0826d1ac0de432c203ea0f32f1c9634d7470e79317a7419dca38878c416cabfc923
